From 3db38cabcbff305693ae1638ad63208701926bd0 Mon Sep 17 00:00:00 2001 From: wangxiyuan Date: Fri, 28 Dec 2018 16:44:35 +0800 Subject: [PATCH] Clean up the create_arguments_apply methods replace create_arguments_apply methods by token model way. bp: removed-as-of-stein Change-Id: I3239e723981dc7d0a53eb454e879096318f7b11a --- keystone/token/providers/fernet/core.py | 25 +++++ keystone/token/token_formatters.py | 91 +++---------------- .../removed-as-of-stein-5eb23253b72ab54e.yaml | 5 + 3 files changed, 41 insertions(+), 80 deletions(-) diff --git a/keystone/token/providers/fernet/core.py b/keystone/token/providers/fernet/core.py index 64c29c7d09..7c0fda3422 100644 --- a/keystone/token/providers/fernet/core.py +++ b/keystone/token/providers/fernet/core.py @@ -44,11 +44,36 @@ class Provider(base.Provider): self.token_formatter = tf.TokenFormatter() + def _determine_payload_class_from_token(self, token): + if token.oauth_scoped: + return tf.OauthScopedPayload + elif token.trust_scoped: + return tf.TrustScopedPayload + elif token.is_federated: + if token.project_scoped: + return tf.FederatedProjectScopedPayload + elif token.domain_scoped: + return tf.FederatedDomainScopedPayload + elif token.unscoped: + return tf.FederatedUnscopedPayload + elif token.application_credential_id: + return tf.ApplicationCredentialScopedPayload + elif token.project_scoped: + return tf.ProjectScopedPayload + elif token.domain_scoped: + return tf.DomainScopedPayload + elif token.system_scoped: + return tf.SystemScopedPayload + else: + return tf.UnscopedPayload + def generate_id_and_issued_at(self, token): + token_payload_class = self._determine_payload_class_from_token(token) token_id = self.token_formatter.create_token( token.user_id, token.expires_at, token.audit_ids, + token_payload_class, methods=token.methods, system=token.system, domain_id=token.domain_id, diff --git a/keystone/token/token_formatters.py b/keystone/token/token_formatters.py index ce17eabb20..ddf1990c6a 100644 --- a/keystone/token/token_formatters.py +++ b/keystone/token/token_formatters.py @@ -135,23 +135,12 @@ class TokenFormatter(object): return issued_at - def create_token(self, user_id, expires_at, audit_ids, methods=None, - system=None, domain_id=None, project_id=None, - trust_id=None, federated_group_ids=None, + def create_token(self, user_id, expires_at, audit_ids, payload_class, + methods=None, system=None, domain_id=None, + project_id=None, trust_id=None, federated_group_ids=None, identity_provider_id=None, protocol_id=None, access_token_id=None, app_cred_id=None): """Given a set of payload attributes, generate a Fernet token.""" - for payload_class in PAYLOAD_CLASSES: - if payload_class.create_arguments_apply( - project_id=project_id, domain_id=domain_id, - system=system, trust_id=trust_id, - federated_group_ids=federated_group_ids, - identity_provider_id=identity_provider_id, - protocol_id=protocol_id, - access_token_id=access_token_id, - app_cred_id=app_cred_id): - break - version = payload_class.version payload = payload_class.assemble( user_id, methods, system, project_id, domain_id, expires_at, @@ -186,7 +175,7 @@ class TokenFormatter(object): versioned_payload = msgpack.unpackb(serialized_payload) version, payload = versioned_payload[0], versioned_payload[1:] - for payload_class in PAYLOAD_CLASSES: + for payload_class in _PAYLOAD_CLASSES: if version == payload_class.version: (user_id, methods, system, project_id, domain_id, expires_at, audit_ids, trust_id, federated_group_ids, @@ -223,17 +212,6 @@ class BasePayload(object): # each payload variant should have a unique version version = None - @classmethod - def create_arguments_apply(cls, **kwargs): - """Check the arguments to see if they apply to this payload variant. - - :returns: True if the arguments indicate that this payload class is - needed for the token otherwise returns False. - :rtype: bool - - """ - raise NotImplementedError() - @classmethod def assemble(cls, user_id, methods, system, project_id, domain_id, expires_at, audit_ids, trust_id, federated_group_ids, @@ -370,10 +348,6 @@ class BasePayload(object): class UnscopedPayload(BasePayload): version = 0 - @classmethod - def create_arguments_apply(cls, **kwargs): - return True - @classmethod def assemble(cls, user_id, methods, system, project_id, domain_id, expires_at, audit_ids, trust_id, federated_group_ids, @@ -412,10 +386,6 @@ class UnscopedPayload(BasePayload): class DomainScopedPayload(BasePayload): version = 1 - @classmethod - def create_arguments_apply(cls, **kwargs): - return kwargs['domain_id'] - @classmethod def assemble(cls, user_id, methods, system, project_id, domain_id, expires_at, audit_ids, trust_id, federated_group_ids, @@ -471,10 +441,6 @@ class DomainScopedPayload(BasePayload): class ProjectScopedPayload(BasePayload): version = 2 - @classmethod - def create_arguments_apply(cls, **kwargs): - return kwargs['project_id'] - @classmethod def assemble(cls, user_id, methods, system, project_id, domain_id, expires_at, audit_ids, trust_id, federated_group_ids, @@ -516,10 +482,6 @@ class ProjectScopedPayload(BasePayload): class TrustScopedPayload(BasePayload): version = 3 - @classmethod - def create_arguments_apply(cls, **kwargs): - return kwargs['trust_id'] - @classmethod def assemble(cls, user_id, methods, system, project_id, domain_id, expires_at, audit_ids, trust_id, federated_group_ids, @@ -564,10 +526,6 @@ class TrustScopedPayload(BasePayload): class FederatedUnscopedPayload(BasePayload): version = 4 - @classmethod - def create_arguments_apply(cls, **kwargs): - return kwargs['federated_group_ids'] - @classmethod def pack_group_id(cls, group_dict): return cls.attempt_convert_uuid_hex_to_bytes(group_dict['id']) @@ -678,26 +636,14 @@ class FederatedScopedPayload(FederatedUnscopedPayload): class FederatedProjectScopedPayload(FederatedScopedPayload): version = 5 - @classmethod - def create_arguments_apply(cls, **kwargs): - return kwargs['project_id'] and kwargs['federated_group_ids'] - class FederatedDomainScopedPayload(FederatedScopedPayload): version = 6 - @classmethod - def create_arguments_apply(cls, **kwargs): - return kwargs['domain_id'] and kwargs['federated_group_ids'] - class OauthScopedPayload(BasePayload): version = 7 - @classmethod - def create_arguments_apply(cls, **kwargs): - return kwargs['access_token_id'] - @classmethod def assemble(cls, user_id, methods, system, project_id, domain_id, expires_at, audit_ids, trust_id, federated_group_ids, @@ -745,10 +691,6 @@ class OauthScopedPayload(BasePayload): class SystemScopedPayload(BasePayload): version = 8 - @classmethod - def create_arguments_apply(cls, **kwargs): - return kwargs['system'] - @classmethod def assemble(cls, user_id, methods, system, project_id, domain_id, expires_at, audit_ids, trust_id, federated_group_ids, @@ -787,10 +729,6 @@ class SystemScopedPayload(BasePayload): class ApplicationCredentialScopedPayload(BasePayload): version = 9 - @classmethod - def create_arguments_apply(cls, **kwargs): - return kwargs['app_cred_id'] - @classmethod def assemble(cls, user_id, methods, system, project_id, domain_id, expires_at, audit_ids, trust_id, federated_group_ids, @@ -833,22 +771,15 @@ class ApplicationCredentialScopedPayload(BasePayload): app_cred_id) -# For now, the order of the classes in the following list is important. This -# is because the way they test that the payload applies to them in -# the create_arguments_apply method requires that the previous ones rejected -# the payload arguments. For example, UnscopedPayload must be last since it's -# the catch-all after all the other payloads have been checked. -# TODO(blk-u): Clean up the create_arguments_apply methods so that they don't -# depend on the previous classes then these can be in any order. -PAYLOAD_CLASSES = [ - OauthScopedPayload, +_PAYLOAD_CLASSES = [ + UnscopedPayload, + DomainScopedPayload, + ProjectScopedPayload, TrustScopedPayload, + FederatedUnscopedPayload, FederatedProjectScopedPayload, FederatedDomainScopedPayload, - FederatedUnscopedPayload, - ApplicationCredentialScopedPayload, - ProjectScopedPayload, - DomainScopedPayload, + OauthScopedPayload, SystemScopedPayload, - UnscopedPayload, + ApplicationCredentialScopedPayload, ] diff --git a/releasenotes/notes/removed-as-of-stein-5eb23253b72ab54e.yaml b/releasenotes/notes/removed-as-of-stein-5eb23253b72ab54e.yaml index b2527dcd32..c4221b7153 100644 --- a/releasenotes/notes/removed-as-of-stein-5eb23253b72ab54e.yaml +++ b/releasenotes/notes/removed-as-of-stein-5eb23253b72ab54e.yaml @@ -20,3 +20,8 @@ other: The ``keystone.conf [DEFAULT] secure_proxy_ssl_header`` configuration option was slated for removal in Pike and has now officially been removed. Please use ``oslo.middleware.http_proxy_to_wsgi`` instead. + - > + [`blueprint removed-as-of-stein `_] + The interface ``create_arguments_apply`` in token formatter payload has + been removed. The token payload now doesn't need to be force ordered any + more.